View Javadoc
1   /**
2    * This file Copyright (c) 2011-2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.ui.form.field;
35  
36  import info.magnolia.cms.security.SecurityUtil;
37  import info.magnolia.context.Context;
38  import info.magnolia.context.MgnlContext;
39  import info.magnolia.ui.form.field.definition.PasswordFieldDefinition;
40  
41  import javax.inject.Provider;
42  
43  import org.apache.commons.lang3.StringUtils;
44  
45  import com.vaadin.ui.Component;
46  import com.vaadin.v7.data.Validator.InvalidValueException;
47  import com.vaadin.v7.ui.CustomField;
48  import com.vaadin.v7.ui.Label;
49  import com.vaadin.v7.ui.PasswordField;
50  import com.vaadin.v7.ui.VerticalLayout;
51  
52  /**
53   * Password field that is capable of
54   * <ul>
55   *     <li>Checking if current user password matches the entered one in the current password field (compared using BCrypt).</li>
56   *     <li>Verifying whether passwords entered in the password verification fields matches.</li>
57   * </ul>
58   */
59  public class PasswordFields extends CustomField<String> {
60  
61      private PasswordField passwordField;
62      private PasswordField verificationField;
63      private PasswordField currentPasswordField;
64      private Provider<Context> contextProvider;
65      private PasswordFieldDefinition definition;
66      private VerticalLayout layout;
67  
68      public PasswordFields(Provider<Context> contextProvider, PasswordFieldDefinition definition) {
69          this.contextProvider = contextProvider;
70          this.definition = definition;
71  
72          passwordField = new PasswordField();
73          passwordField.setNullRepresentation("");
74          passwordField.setWidth("100%");
75          if (this.definition.isVerification()) {
76              verificationField = new PasswordField();
77              verificationField.setNullRepresentation("");
78              verificationField.setWidth("100%");
79          }
80          if (this.definition.isVerificationCurrentPassword()) {
81              currentPasswordField = new PasswordField();
82              currentPasswordField.setNullRepresentation("");
83              currentPasswordField.setWidth("100%");
84          }
85  
86          getContent();
87      }
88  
89      /**
90       * Create a {@link CustomField} based on a {@link VerticalLayout}.
91       * The layout is composed by:
92       * - {@link PasswordField}.
93       * if verification:
94       * - {@link Label} (verificationMessage).
95       * - {@link PasswordField}.
96       * @deprecated since 5.5.2 - use {@link #PasswordFields(Provider, PasswordFieldDefinition)} instead.
97       */
98      @Deprecated
99      public PasswordFields(boolean verification, String verificationMessage, String verificationErrorMessage) {
100         this(MgnlContext::getInstance, new PasswordFieldDefinition());
101     }
102 
103     @Override
104     protected Component initContent() {
105         // Init layout
106         layout = new VerticalLayout();
107         if (definition.isVerificationCurrentPassword()) {
108             layout.addComponent(new Label(definition.getVerificationCurrentPasswordMessage()));
109             layout.addComponent(currentPasswordField);
110         }
111         // add inner label to passwordField only when currentPasswordField or verificationField are used because otherwise field label is enough
112         if (definition.isVerification() || definition.isVerificationCurrentPassword()) {
113             layout.addComponent(new Label(definition.getPasswordMessage()));
114         }
115         layout.addComponent(passwordField);
116         if (definition.isVerification()) {
117             layout.addComponent(new Label(definition.getVerificationMessage()));
118             layout.addComponent(verificationField);
119         }
120         return layout;
121     }
122 
123     public VerticalLayout getVerticalLayout() {
124         return this.layout;
125     }
126 
127     /**
128      * Check if both fields are equals.
129      */
130     @Override
131     public void validate() throws InvalidValueException {
132         super.validate();
133         // if there is a validationField and user put value to it, then validate it to show unmatched warning.
134         boolean validationFieldHasValue = verificationField != null && StringUtils.isNotBlank(verificationField.getValue());
135         if (StringUtils.isNotBlank(passwordField.getValue()) || validationFieldHasValue) {
136             if (definition.isVerificationCurrentPassword()) {
137                 if (StringUtils.isBlank(currentPasswordField.getValue()) || !SecurityUtil.matchBCrypted(currentPasswordField.getValue(), contextProvider.get().getUser().getPassword())) {
138                     throw new InvalidValueException(definition.getVerificationCurrentPasswordErrorMessage());
139                 }
140             }
141             if (definition.isVerification()) {
142                 if (StringUtils.isBlank(passwordField.getValue()) || StringUtils.isBlank(verificationField.getValue())) {
143                     throw new InvalidValueException(definition.getVerificationErrorMessage());
144                 }
145                 if (!passwordField.getValue().equals(verificationField.getValue())) {
146                     throw new InvalidValueException(definition.getVerificationErrorMessage());
147                 }
148             }
149             setInvalidCommitted(true);
150             setValue(passwordField.getValue(), true);
151         }
152     }
153 
154     @Override
155     public Class<String> getType() {
156         return String.class;
157     }
158 
159     @Override
160     public void setReadOnly(boolean readOnly) {
161         super.setReadOnly(readOnly);
162         passwordField.setReadOnly(readOnly);
163         if (verificationField != null) {
164             verificationField.setReadOnly(readOnly);
165         }
166     }
167 
168     @Override
169     public boolean isEmpty() {
170         // this method is used to evaluate if field contains non empty value for validation of required field
171         String currentFieldValue = StringUtils.firstNonBlank(passwordField.getValue(), getInternalValue());
172         return StringUtils.isBlank(currentFieldValue);
173     }
174 }